Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2460195imm; Mon, 16 Jul 2018 08:22:18 -0700 (PDT) X-Google-Smtp-Source: AAOMgpcFQZUCjbG47nsZ5gpf1g4f3mRkMhSRirioAi7ctVf+zlkAd6EuVqkD8GbFs/bKS79u9fOt X-Received: by 2002:a63:7703:: with SMTP id s3-v6mr16133541pgc.339.1531754538564; Mon, 16 Jul 2018 08:22:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531754538; cv=none; d=google.com; s=arc-20160816; b=lv40B58yt4fpAXFzfpdz4M1V3XXzJ8cJ1mkUFYXx72LPhOZ7CIH3Yu8kTPb/eqsqCP z0a5ry6/XpzFiQDAnrQ0Jz9wi/Yo/UK13+ycqgDj/ibB1+lrLjjcBwwYeUuDvUd9oYmZ 0UuCWQK2BLS/ZdX9G7vH2yd4d3VGL05lEulkm2L6t2n3PRx15Qw+p2cR87VeatKkwq97 thA66jCtzD/PdWmFm6UYTfHngYb2QiyjR5vzlkfnPPeD0oBGtN5i5URrBq5C7BYO+Hh2 kns7DqVQVmsTRppDXNV8JPwGv7G+o1Pk5zRsoWHPpaPyS26ssHuHBmMxrhJPL50e6o+y fM2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature:dkim-signature:arc-authentication-results; bh=XX4NfZn4kDkjAl0oM+QXjmkOtluHhcNIar1SfoTomf0=; b=GLDqxYxuE2iVCHEi1J5wbTdtUTrUrT84GcKAngXKi9CsNlWVOp6/oKtpg4FEfpq1G0 JynqIREw//Sd5PhCuEl9ZU1pCjTj/Oy8/hEsxULNJMGAKONvozRzKF5K8UsQ+piLGGbG XiIMKiExoO4PmgIl17u+EGbqknSolleMLYEh/7PAwaD8kxSgvo7LXvboQQdOaAApBpzK r3X35b7gggjKV5GiO3soOj12t5swJzaA+0Njn3BEKH8hSDcz5Xre0sibO5NtawzwoIE4 APl9YAg9UucvPdJLbUe88lfR8qr8EJ2U0ZUBXyjzi0bva3hu02jxZcNPdbH4jJC3RHbV e5AQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@pks.im header.s=fm1 header.b=exAqppZL; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b="ZxbwLD/f"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t137-v6si29949984pgb.528.2018.07.16.08.22.03; Mon, 16 Jul 2018 08:22:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@pks.im header.s=fm1 header.b=exAqppZL; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b="ZxbwLD/f"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730094AbeGPPs7 (ORCPT + 99 others); Mon, 16 Jul 2018 11:48:59 -0400 Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:37147 "EHLO wout5-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727387AbeGPPs7 (ORCPT ); Mon, 16 Jul 2018 11:48:59 -0400 X-Greylist: delayed 548 seconds by postgrey-1.27 at vger.kernel.org; Mon, 16 Jul 2018 11:48:58 EDT Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 11DBD2D5; Mon, 16 Jul 2018 11:11:56 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Mon, 16 Jul 2018 11:11:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=XX4NfZn4kDkjAl0oM+QXjmkOtluHhcNIar1SfoTomf0=; b=exAqppZL sHVfd3+2MGjwhhh0+9JVFsb5JO/AIsn8TiIE54k0jSJVp2C1PIqCu27a7rEFftud oJ6a+qmkrEWP9lamIKhzkx4YvRYoNyzaJHwf6VyvVv7uc2btGjOo2mbrupdBqzNy CArUJx1wB3zozL73jGOE8+4LuyU9nzo5jtonsslHS0Ci0tEnoL9Mdq2GDkrEDRiK zPdLWlAXMmLJvfeu57mlO3/PCN8O8rZxyVidF3fUvvR0KKZ5d5BSoRrTg1os5Ok8 OCrntXg9uhQgNdC7RW/FaG75xPgh5cb2G6B2uChM+bADIjVBsDPz0dAMKVJPuc28 LmEEZm3vO9iYEQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=XX4NfZn4kDkjAl0oM+QXjmkOtluHh cNIar1SfoTomf0=; b=ZxbwLD/f/5agFj/8J7VAIuG/Fz+EEuytPNeKVJGacBM+c IGw+EXlLsmSkxCyH0avmiHj/wI3V1/21E4vffEgn2pdm77BJK146ciPXNLyAgiMo YkUfa1zA2Qwi+Gmr0Qb97FksXQHoaqVKGuG9ASPuFJ4F73I0cn/s3ZYJNLOzhYX6 Fp0WmqbFQLSQR7NtEn49WgS+7u3GqnMKZFk3fIv7TrNsUXuIG8ptSBeXUjjhFu6h oz68FP+cu/DSEryMbDZzwfLyFPlaCTNeyOleJuN+ciq0nQFth7Zm3O2a59JkX9vG m/2l4wpZuDrzbo9hNoOK2Swr1vNMAKwXsHH3Z9cfw== X-ME-Proxy: X-ME-Sender: Received: from apu2.pks.im (x4db33da9.dyn.telefonica.de [77.179.61.169]) by mail.messagingengine.com (Postfix) with ESMTPA id 8E45BE473B; Mon, 16 Jul 2018 11:11:54 -0400 (EDT) Received: from localhost (10.192.0.11 [10.192.0.11]) by apu2.pks.im (OpenSMTPD) with ESMTPSA id 1cb67304 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Mon, 16 Jul 2018 15:11:53 +0000 (UTC) Date: Mon, 16 Jul 2018 17:11:53 +0200 From: Patrick Steinhardt To: Ming Lei Cc: Jens Axboe , linux-block , Linux Kernel Mailing List Subject: Re: [PATCH] block: fix NPE when resuming SCSI devices using blk-mq Message-ID: <20180716151153.GC1787@ncase.pks.im> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ieNMXl1Fr3cevapt" Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --ieNMXl1Fr3cevapt Content-Type: multipart/mixed; boundary="CblX+4bnyfN0pR09" Content-Disposition: inline --CblX+4bnyfN0pR09 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jul 13, 2018 at 09:41:41PM +0800, Ming Lei wrote: > On Fri, Jul 13, 2018 at 9:29 PM, Patrick Steinhardt wrote: > > When power management for SCSI is enabled and if a device uses blk-mq, > > it is possible to trigger a `NULL` pointer exception when resuming that > > device. The NPE is triggered when trying to dereference the `request_fn` > > function pointer of the device's `request_queue`: > > > > __blk_run_queue_uncond:470 > > __blk_run_queue:490 > > blk_post_runtime_resume:3889 > > sdev_runtime_resume:263 > > scsi_runtime_resume:275 > > > > When the SCSI device is being allocated by `scsi_alloc_sdev`, the > > device's request queue will either be initialized via > > `scsi_mq_alloc_queue` or `scsi_old_alloc_queue`. But the `request_fn` > > member of the request queue is in fact only being set in > > `scsi_old_alloc_queue`, which will then later cause the mentioned NPE. > > > > Fix the issue by checking whether the `request_fn` is set in > > `__blk_run_queue_uncond`. In case it is unset, we'll silently return and > > not try to invoke the callback, thus fixing the NPE. > > > > Signed-off-by: Patrick Steinhardt > > --- > > > > Since at least v4.14, I am easily able to trigger above NPE by > > unplugging USB mass storage devices on my computer (Skylake, ASUS > > Z170I) with CONFIG_SCSI_MQ_DEFAULT=3Dy. The attached patch fixes > > the issue, but keep in mind that this is my first patch, so the > > proposed fix may not be appropriate at all. Feedback would be > > highly appreciated. > > > > block/blk-core.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/block/blk-core.c b/block/blk-core.c > > index f84a9b7b6f5a..0a2041660cd9 100644 > > --- a/block/blk-core.c > > +++ b/block/blk-core.c > > @@ -456,7 +456,7 @@ inline void __blk_run_queue_uncond(struct request_q= ueue *q) > > lockdep_assert_held(q->queue_lock); > > WARN_ON_ONCE(q->mq_ops); > > > > - if (unlikely(blk_queue_dead(q))) > > + if (unlikely(!q->request_fn) || unlikely(blk_queue_dead(q))) > > return; > > >=20 > Now runtime PM is disabled for blk-mq/scsi_mq, not sure how this issue is > triggered on your machine. >=20 > Could you share the steps for reproducing this issue? I bet that the issue stems from custom hotplugging scripts then, which change the value of power/control. See the attachment of this mail for all sysfs changes that are being performed after plugging in the USB stick. Basically, the reproduction steps on my machine are: 1. plug in USB stick (assumed to be /dev/sdb now) 2. wait a short amount of time 3. dd if=3D/dev/sdb of=3D/dev/null bs=3D4M 4. wait a short amount of time 5. unplug the USB stick, which immediately crashes the system The issue isn't always reproducible, I think there is some variance depending on how much time passes by at step 2 and/or 4. It probably is related to the autosuspend delay. From my experience the crash becomes more likely the longer I wait after step 4. Regards Patrick --CblX+4bnyfN0pR09 Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="sysfs.log" /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/power/autosuspend_delay_ms -> 60000 /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/power/control -> auto /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/power/control -> on /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/power/autosuspend_delay_ms -> 60000 /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/power/control -> auto /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/scsi_host/host4/power/autosuspend_delay_ms -> 60000 /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/scsi_host/host4/power/control -> auto /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/power/autosuspend_delay_ms -> 60000 /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/scsi_device/4:0:0:0/power/autosuspend_delay_ms -> 60000 /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/bsg/4:0:0:0/power/autosuspend_delay_ms -> 60000 /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/power/control -> auto /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/scsi_device/4:0:0:0/power/control -> auto /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/bsg/4:0:0:0/power/control -> auto /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/power/autosuspend_delay_ms -> 60000 /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/power/control -> auto /sys//devices/virtual/bdi/8:16/power/autosuspend_delay_ms -> 60000 /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/scsi_disk/4:0:0:0/power/autosuspend_delay_ms -> 60000 /sys//devices/virtual/bdi/8:16/power/control -> auto /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/scsi_disk/4:0:0:0/power/control -> auto /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/block/sdb/power/autosuspend_delay_ms -> 60000 /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/block/sdb/sdb2/power/autosuspend_delay_ms -> 60000 /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/block/sdb/power/control -> auto /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/block/sdb/sdb2/power/control -> auto /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/block/sdb/sdb1/power/autosuspend_delay_ms -> 60000 /sys//devices/pci0000:00/0000:00:14.0/usb2/2-2/2-2:1.0/host4/target4:0:0/4:0:0:0/block/sdb/sdb1/power/control -> auto --CblX+4bnyfN0pR09-- --ieNMXl1Fr3cevapt Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEtmscHsieVjl9VyNUEXxntp6r8SwFAltMtbkACgkQEXxntp6r 8SzTZw//eymI5QedFIbDBoPdIVsnBJJSdodpu/pMjHcOXIvaPoBAM0ma6V49YRtG slcAs69j6EA8zbpqwJTwJ6tKKaZSJW9m7BuYowvqtbbkHwDfbwmZWQi8ZwI+LisU dLHJyrR5cbPCF5it2VcBj0qI2nCmFA44jN5wu2AuUFLTwN7/N48lX57ghRajnOV/ mbqYTrqU4IH9IveNXcJ/knkIrIBzXv630ujML28uuvU8nzCOIyeJ1Um1RNWR3HK4 1yDJE2l3gUwNPFCQdm9Rj7/aRDMZUmDZl9VeAMDRR3EjHbP1yO4Fow6k2xTKH/l9 KYXeBRkuRx8MQZElsEKJ45JknM9oWKpg9AqdFqa8hEPjmqx3MpmDNW3JPKz3k8nK 4tdLVeM+URDwItfqI+WaRpBO66T268huSNgRdd5uROWro2GY0Hoy7hEx57JY6Rb1 n1MEs0rN304iOVO7lhWrY7LUB+6XcP1QXOSYMGwv7/aahNO1aN2QRG923qViDcnY VpRFZqNIqvchQJhEHYsver5LqmzJ5pOvM9An0Feq3v7clJRknmBo6aXlh21W/1lA H3oFOKT6CTHHHejfB1g5UUjibPUm6kYCse43qMNHusgW0T1XxvgqeT5+YKCyIkfo v9xyM8wgaqZGJcpUjP+6RTKdMwve2zSHE2cHCFHWmspYuqZ7cdQ= =DaPo -----END PGP SIGNATURE----- --ieNMXl1Fr3cevapt--